Discover efficient open-source tools designed for rapid network discovery and comprehensive port scanning operations.
Masscan is a command-line network scanner designed for large-scale discovery and infrastructure reconnaissance. It identifies open ports across specific network segments or the entire internet by probing vast address ranges with high efficiency. The tool functions as an asynchronous packet engine, bypassing standard operating system kernel networking stacks to transmit raw packets directly from application memory. The project distinguishes itself through a specialized architecture that manages millions of concurrent connections by separating packet transmission and reception into independent execution threads. It utilizes a stateless, index-based mathematical algorithm to randomize target selection, ensuring probes are distributed unpredictably across address spaces. To maintain consistent performance and prevent network congestion, the scanner employs a high-precision timer to regulate transmission rates and uses zero-copy buffer management to minimize memory overhead. The software provides a platform-agnostic interface for raw network access, allowing it to operate consistently across different hardware and operating system environments. It supports the export of collected reconnaissance data into structured formats such as XML, JSON, or plain text for further analysis. The application is distributed as a portable utility, with its core codebase maintained through standardized string handling and automated testing.
Masscan is a high-performance, asynchronous network port scanner that excels at large-scale discovery and service identification, providing the command-line interface and raw packet handling required for professional network reconnaissance.
Nmap is a command-line network security scanner and reconnaissance framework designed for infrastructure mapping and security auditing. It functions as a packet crafting utility that probes target systems to identify active hosts, detect open ports, and determine the services and operating systems running on a network. The tool distinguishes itself through its ability to perform raw socket packet injection and stateful connection tracking, allowing it to bypass standard operating system networking stacks. It utilizes an asynchronous concurrency model to manage large-scale network scans and employs specialized packet manipulation techniques to evade firewalls and intrusion detection systems. Beyond basic discovery, the software integrates a scripting engine that enables users to automate complex network tasks, perform deep service interrogation, and conduct vulnerability assessments. It relies on signature-based identification and TCP/IP stack fingerprinting to provide detailed analysis of remote hardware and software configurations.
Nmap is the industry-standard network security scanner that provides comprehensive port discovery, service version detection, OS fingerprinting, and a powerful scripting engine, fulfilling every requirement for a high-performance network reconnaissance tool.
Bjorn is a penetration testing framework that automates network scanning, credential brute-forcing, vulnerability assessment, and data exfiltration, all coordinated through an event-driven task pipeline and controlled via a web-based dashboard. Its modular plugin architecture allows independent security modules to be loaded and chained together, with an asynchronous network scanner discovering live hosts and open ports without blocking the main execution flow. The framework distinguishes itself by integrating a credential brute-force engine that systematically attempts login combinations against network services, alongside a vulnerability assessment module that matches service fingerprints against a local database of known exploits. Post-exploitation data exfiltration capabilities extract sensitive files and database contents from compromised services, while a web-based control interface provides real-time monitoring and task management through RESTful API calls. For physical monitoring, Bjorn includes an e-Paper display driver that shows real-time operation status on a low-power e-ink screen, complementing the browser-accessible operation dashboard. The project is implemented in Python and provides a comprehensive set of tools for security assessment workflows.
Bjorn is a comprehensive penetration testing framework that includes an asynchronous network scanner capable of port discovery and service fingerprinting, though it is a broader security suite rather than a dedicated, standalone port scanner.
EHole is a specialized toolkit for network asset parsing, binary transformation, payload generation, and vulnerability research. It functions as an asset discovery and fingerprinting tool designed to identify software versions and high-value assets across IP ranges and URLs using custom fingerprints. The project provides a vulnerability research toolkit for decrypting software credentials and retrieving factory default passwords for security devices and web applications. It also includes a security payload generator for encoding and escaping command strings to bypass shell tokenization and execute reverse shells across different operating systems. The toolkit covers broader capability areas including network asset parsing to extract identifiers from raw text and security scanner outputs, binary data transformation for converting files to hexadecimal strings, and network target management for filtering and sorting IP address lists. It also features system identification through keyword matching and regular expressions to detect specific software versions.
This tool focuses on asset discovery, fingerprinting, and vulnerability research rather than performing raw network port scanning, making it a utility for analyzing scan results rather than a scanner itself.
Ettercap is a network utility tool used for ARP spoofing, packet filtering, traffic interception, passive scanning, and DHCP hijacking. It functions as a network traffic interceptor and man-in-the-middle packet filter to monitor and manipulate live TCP/UDP connections on a local area network. The project provides specialized capabilities for traffic redirection via ARP cache poisoning, DHCP server spoofing, ICMP redirects, and switch port stealing. It also enables the emulation of rogue services and the decryption of SSH1 session streams by substituting public keys. Additional capabilities include network discovery through active host discovery and passive LAN scanning, as well as network topology mapping. The tool supports real-time traffic manipulation by injecting forged data into live streams and filtering network payloads using custom scripts.
While this tool includes passive scanning and host discovery features, it is primarily a man-in-the-middle and traffic interception suite rather than a dedicated high-performance port scanner for service identification.
tun2socks is a connectivity utility that functions as a transparent proxy client and Layer 3 network gateway. It routes system network traffic through a SOCKS5 proxy using a virtual tunnel interface and provides the ability to tunnel IPv4 traffic over IPv6 or vice versa. The project implements a userspace TCP/IP stack to intercept raw IP packets and translate them for transmission to remote proxy servers. It supports multiple proxy protocols, including HTTP, SOCKS4, SOCKS5, and Shadowsocks, allowing application traffic to be redirected without per-app configuration. The software includes capabilities for Layer 3 packet forwarding, enabling it to act as a gateway for other devices on a local network. It also provides controls for tuning TCP send and receive buffer sizes to balance network throughput and memory usage.
This is a transparent proxy and network tunneling utility designed for traffic redirection rather than network reconnaissance or port discovery.
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASNs. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without completing the full handshake, enabling faster scans. It supports passive port enumeration through external services like Shodan InternetDB, and can exclude CDN or WAF IPs from full scans. Naabu also provides a REST API for programmatic scan triggering, configuration management, and result export, alongside the ability to embed port scanning directly into Go programs with callback-based result handling. The tool covers host discovery, port scanning, and service detection across multiple input formats and output options. It includes features for filtering scan targets, rescanning completed scans, and exposing scan metrics via HTTP. The project is available as a command-line tool and as a Go library, with support for Docker deployment.
Naabu is a high-performance, asynchronous port scanner that provides fast SYN-based probing and flexible integration options, though it relies on external tools like Nmap for advanced service version detection and OS fingerprinting.
RustScan is a high-speed TCP network scanner written in Rust, designed for security reconnaissance and network mapping. It functions as an automated port discovery engine that identifies open ports on remote hosts, with targets given as IPv6 addresses, CIDR ranges, or bulk input files. The tool is built for rapid surface area discovery, utilizing parallel port processing and OS-aware performance optimizations to identify active services. It allows for scan precision tuning through adjustable connection timeout thresholds and concurrent request controls to balance speed and accuracy. The system integrates with external security toolchains by piping discovered port data into shell scripts and third-party programs for automated vulnerability analysis. It also supports global configuration profiles to maintain consistent parameters across multiple executions.
RustScan is a high-performance, asynchronous port scanner that excels at rapid discovery and integrates with external tools, though it lacks a built-in scripting engine and native OS fingerprinting compared to more comprehensive alternatives.
RustScan is a high-speed network reconnaissance tool designed for automated port discovery and service enumeration. It functions as an automated vulnerability scanner that identifies open ports and active services across network environments, providing a foundation for mapping attack surfaces and gathering intelligence on target systems. The tool distinguishes itself through its ability to dynamically adjust scanning parameters and concurrency in real-time based on system feedback, ensuring efficient performance while preventing network congestion. It features an extensible architecture that supports the execution of custom scripts and the automated piping of discovered data into external security utilities, including native integration with Nmap for deep service analysis. Beyond basic port discovery, the software supports payload-driven service probing to accurately classify network services and includes capabilities for UDP service identification. It is built as a cross-platform utility, utilizing a unified codebase to generate native binaries for multiple operating systems.
RustScan is a high-performance network port scanner that excels at rapid port discovery and service enumeration, though it relies on Nmap integration to provide the full suite of deep service versioning and OS fingerprinting features.